<?php
$loc ="login";
require_once('mysql_connect.php');

if(isset($_POST['submit'])){
	$login = strtolower(escape_data($_POST['email']));
	$query = "SELECT * FROM users WHERE email='" . $login . "' LIMIT 1";
	$result = mysql_query($query);
	if(mysql_num_rows($result) > 0){
		$row = mysql_fetch_array($result);
		$p = substr(md5(uniqid(rand(), 1)), 3, 10);
		$queryinsert = "UPDATE users SET password=PASSWORD('" . escape_data($p) . "') WHERE id=" . $row['id'];
		$resultinsert = @mysql_query($queryinsert);
		if($resultinsert){
			mail($row['email'], 'reset password', 'your new password is ' . unescape_data($p). '.\n\n******************\nThis message came from the Quon DVD database.  For more information go to http://www.wbpsystems.com', 'From: ' . $_SERVER['SERVER_NAME']);
			$stat = "email sent!";
			$checkreset = TRUE;
			$mes = "Please check your inbox for a new password.";
		}else{
			$mes = "I'm sorry but that email is not in our database.";
		}
		
	}else{
		$mes = "I'm sorry but that email is not in our database.";
	}
}
include('top.php');
?>
<TABLE><TR><TD>
<?php
if(isset($mes)){
echo "<FONT FACE=\"Verdana\" size=-1 color=\"red\">";
echo $mes;
echo "</FONT><BR>";
}
?>
<FORM ACTION="lostpass.php" method="post"><FONT FACE="Verdana" size=-1>email: </FONT><INPUT TYPE="text" name="email" id="email"><BR><INPUT TYPE="submit" name="submit" id="submit" value="mail password"></FONT></FORM>
<BR><A HREF="register.php"><FONT FACE="Verdana" color="000000" size=-1>register</FONT></A><FONT FACE="Verdana" color="000000" size=-1> | </FONT><A HREF="login.php"><FONT FACE="Verdana" color="000000" size=-1>login</FONT></A>
</TD></TR></TABLE>
<?php
include('bot.php');
?>